Existing versions of Samba contain a serious security hole. Experts say: upgrade now.
The Samba Team has published a software update to patch a stack overflow vulnerability that could allow attackers to push malicious code to vulnerable systems.
The update, Version 3.5.5, was released on Tuesday and fixes what is described as a buffer overrun vulnerability in a function used to calculate the Windows SID (Security ID), a unique number that is used to identify security entities within Windows. If left unpatched, the hole could allow an attacker, working through a malicious client application, to crash the Samba SMBD server by sending a SID value that calls the vulnerable function and overflows the stack variable.
One possible attack vector for the vulnerability would be to force a search of file shares according to the SID associated with each file, said HD Moore, Chief Security Officer of Rapid7 and architect of The Metasploit Project. Other attack vectors may exist that are easier to exploit. However, the vulnerability would only be exploitable by attackers who already had administrative or root access to vulnerable systems, Moore said.
According to the update published by the Samba team, the vulnerability affects all current versions of Samba. Key functions within Samba’s source code, sid_parse() and a related function called dom_sid_parse(), do not correctly check the input lengths when reading a binary representation of a Windows SID, allowing attackers to overflow the stack variable.
Overrun vulnerabilities allow attackers to overwrite protected areas of memory with their own code, causing instability on the system running the application or allowing the attacker to run their own code on the system with the permissions used by the application.
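The input-length checks that this class of flaw calls for, shown as an added example that is not part of the original article and is not Samba's code: a parser for the binary SID layout (1-byte revision, 1-byte sub-authority count, 6-byte authority, then up to 15 little-endian 32-bit sub-authorities). The names example_sid and example_sid_parse are hypothetical, and the byte strings in main() are constructed samples.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SID_MAX_SUB_AUTHS 15  /* maximum sub-authorities in a Windows SID */
#define SID_HEADER_LEN    8   /* revision + count + 6-byte authority */

/* Hypothetical struct for this example; not Samba's own definition. */
struct example_sid {
    uint8_t  revision, num_auths, id_auth[6];
    uint32_t sub_auths[SID_MAX_SUB_AUTHS];  /* fixed size, usually on the stack */
};

/* Parse an untrusted binary SID. Returns 0 on success, -1 on bad input. */
int example_sid_parse(const uint8_t *in, size_t len, struct example_sid *sid)
{
    size_t i;
    uint8_t count;

    if (in == NULL || sid == NULL || len < SID_HEADER_LEN)
        return -1;
    count = in[1];
    /* Check 1: the sender-controlled count must fit the fixed array. */
    if (count > SID_MAX_SUB_AUTHS)
        return -1;
    /* Check 2: the buffer must really hold that many 32-bit values. */
    if (len < SID_HEADER_LEN + (size_t)count * 4)
        return -1;

    sid->revision = in[0];
    sid->num_auths = count;
    for (i = 0; i < 6; i++)
        sid->id_auth[i] = in[2 + i];
    for (i = 0; i < count; i++) {  /* sub-authorities are little-endian */
        const uint8_t *p = in + SID_HEADER_LEN + i * 4;
        sid->sub_auths[i] = (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
                            ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
    }
    return 0;
}

int main(void)
{
    /* Constructed samples: S-1-5-32-544, and a header claiming 255 entries. */
    const uint8_t ok[] = {1, 2, 0,0,0,0,0,5, 0x20,0,0,0, 0x20,0x02,0,0};
    const uint8_t bad[16] = {1, 0xFF, 0,0,0,0,0,5};
    struct example_sid s;
    int r_ok = example_sid_parse(ok, sizeof ok, &s);
    printf("valid: %d, oversized count: %d\n", r_ok, example_sid_parse(bad, sizeof bad, &s));
    return 0;
}
```

Without Check 1, the copy loop would write past sub_auths[] whenever the count byte exceeds 15, which is the kind of stack overrun the article describes; without Check 2, it would read past the end of the received buffer.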
Moore notes that Samba, open source software that is used to facilitate file sharing between Windows systems and those running Linux, Unix, Mac and other operating systems, is an embedded component in many IP-enabled devices and that firms may be unaware of all the Samba installations that are deployed in their organization.
Networked printers, network attached storage and file shares hosted on Apple Mac systems and other operating systems may all leverage the Samba software, Moore said. He advised that Samba users upgrade immediately or disable their current Samba installation until they are able to apply Version 3.5.5.